Careers
SubscribeStatement in Support of Firm Reporting Amendments
Remarks as prepared for delivery
Thank you, Chair Williams.
I support amending PCAOB reporting requirements to increase the amount of information available to investors and to the Board about registered audit firms.
In my view, good data helps to drive better decisions: both for investors in making investment and voting decisions and for the Board in faithfully executing its oversight function. Auditors play a critical gatekeeping role in our capital markets. Currently, however, there is limited public information regarding the firm governance and network arrangements that some firms participate in. Additionally, as a regulator, our Board should be apprised promptly of material firm events or incidents that could significantly impact a firm’s audit practice. I believe that the firm reporting amendments before us today will enable investors and the Board to analyze more “decision-useful” data in making assessments of firms and the audits that they conduct.
One example of this data is the enhanced information that will be required in firm annual reports. Currently, the annual report on Form 2 requires a firm to disclose information about its practice, including identification of audit reports issued to issuers and/or broker dealers; disclosure of the firm’s offices and affiliations; and details regarding a firm’s personnel, including the number of CPAs. Under the final amendments, registered firms will be required to provide governance information, including data about its leadership, legal structure and ownership. Additionally, to the extent that a firm is a part of a network, it will need to describe its network arrangement, including whether it can access network resources, such as audit methodologies and training, and whether the firm has any financial ties to other firms within the network, such as a loan agreement. This level of transparency regarding a firm’s operations will better enable investors and the Board to assess opportunities and potential challenges that a firm may face. Additionally, the Board will have even greater insight about the financial standing of the largest firms, given the new requirement for such firms to provide financial statements to the PCAOB on a confidential basis.
Through our inspections program, we identify high quality audits and poor quality audits. Given our mission, we are always considering what regulatory tools can be activated to drive improved audit quality. On the one hand, we want to share good practices when we find them; and on the other hand, we want to understand the circumstances that yield poor results and provide support and guidance, where appropriate. A firm’s governance impacts its culture, and culture often drives results. As our staff has previously indicated, we are doing a deep dive to better assess how firm culture might correlate with inspection results. The enhanced disclosures on Form 2 will enable the Board and investors to make more informed assessments and comparisons of firms’ operational framework and how such frameworks impact audit quality.
Some commenters on our proposal were of the view that voluntary firm transparency reports and/or voluntary audit quality reports provide sufficient information to the public. While some of the information required by the final amendments is already disclosed by firms, one of the challenges with voluntary firm reporting is that the information is not standardized across firms. Additionally, methodologies can differ from firm to firm and from year to year. And, there are firms that do not issue transparency or audit quality reports. Today’s firm reporting amendments will help standardize reported information across all registered firms and will increase the level of transparency about firm governance and operations.
Another example of decision-useful information that will be required relates to reports about material events that firms must submit to the Board on a confidential basis. This requirement would encompass material events pertaining to a firm’s organization, its liquidity and financial standing; including, for example, whether a determination has been made that there is substantial doubt about a firm’s ability to continue as a going concern. As a regulator with a mission to protect investors, I believe that it is important for the Board to be informed about significant events in the life of a firm and to obtain such information as quickly as possible. The Board wants to ensure that it learns about potentially market moving events from registered firms first, and not from news headlines. It is important to note that we have scaled this component of the amendments such that it only applies to firms that are annually inspected by the Board.
The final data enhancement that I will note, at this time, is confidential disclosure concerning significant cybersecurity incidents, which will be reported only to the Board, and public disclosure regarding a firm’s cybersecurity policies and procedures. Those of us who leverage technology in our everyday lives, for things such as personal banking and communication with medical providers, understand the need for robust cybersecurity policies and procedures. When we receive email alerts or letters in the mail regarding how personal data that we entrusted to a reputable service provider or repository have been compromised, we consider whether there will be adverse impacts on our identity and our resources. We also question whether our personal information was sufficiently safeguarded. We know quite well that cyber incidents can cause major disruptions for individuals and for the companies and firms targeted.
As such, the Board should be informed on a prompt basis of significant cybersecurity incidents that could adversely affect a firm’s ability to conduct its audit practice. Additionally, the public should be able to discern the robustness of a firm’s policies and procedures relating to cyber security. As outlined in the release, our staff has discerned “that cybersecurity incidents at audit firms are increasing in both volume and complexity.” If a firm suffers debilitating effects from a cybersecurity incident, if accounting and financial data it holds are compromised, the impact on issuer and broker-dealer audits could be expansive. Again, as a regulator with a mission to protect investors, prompt knowledge of such cybersecurity incidents will enable the Board to swiftly assess how to help preserve the integrity of the audit, and ultimately, our capital markets.
With these considerations in mind, I support adoption of the final amendments. As discussed in the release, investors will be able to digest more information about registered firms, which may influence their investment and voting decisions. Further, the additional data and more timely data about registered firms’ operations will better inform the Board’s oversight decisions, including deployment of inspection resources, improvement of our rules and standards, and consideration and analysis of confidential firm information to more effectively advance our investor protection mission.
In closing, I want to thank commenters for their thoughtful insights with respect to this project. The adopting release reflects a number of ways in which we acknowledged and addressed commenter viewpoints, including, one, our decision not to require that financial statements be reported in accordance with the applicable financial reporting framework in a firm’s jurisdiction; and, two, our decision not to accelerate the filing date for all Form 3 filings, and instead only require that material events and cybersecurity incidents be subject to accelerated reporting. Overall, I believe that the final amendments before us today benefited tremendously from commenter input.
The road to adoption of our rules and standards is typically an intensive and extensive undertaking that requires input and insight from across our organization. As such, I want to thank several members of our dedicated staff for their contributions to this project: from the Office of the General Counsel: James Cappoli, Connor Raso, Katherine Kelly, Damon Andrews, and Marc Francis; from the Office of Economic and Risk Analysis: Martin Schmalz, Erik Durban, Dylan Rassier, and Carrie Von Bose; from the Office of the Chief Auditor: Jessica Watts, Karen Wiedemann, Linnette Klinedinst, and David Ellam; from the Office of Enforcement and Investigations: Kristen VanFossen, John Abell, Kyra Armstrong, Brett Collings, and Tina Bell; from the Division of Registration and Inspections: Christine Gunia, Tim Sikes, Carol Swaniker, Michael Stevenson, Alan Kerwin, Pamela Robinson, Eugene Theron, Kathleen Ostasiewski, and Abena Glasgow.
Also, I want to thank my fellow Board members and my staff for their attention and contributions to this project. And finally, I would like to thank the staff in the SEC’s Office of the Chief Accountant for their assistance with this project.